Image Verification By An Electronic Device

ABSTRACT

A method for verifying an image by a first electronic device, the method comprising the first electronic device: sending a request for an image to a second electronic device, wherein the second electronic device is remote from the first electronic device and, optionally, a server; receiving an image and a certificate from the second electronic device, wherein the certificate comprises a protected checksum of at least the image; generating a checksum in dependence on at least the received image; performing a comparison in dependence on said generated checksum and the protected checksum received in the certificate; and verifying the received image in dependence upon the comparison. Advantageously, the first electronic device is able to verify each received image and to prevent the display of any received images that are not authenticated. Applications include the display of card images.

FIELD

The present disclosure relates generally, but not exclusively, to the verification of images provided to electronic devices. In an exemplary embodiment, an electronic wallet is able to verify the authenticity of a received image before displaying a full card image comprising the received image.

BACKGROUND

There are numerous applications in which it is desirable to display an image on an electronic device. For example, when the user of an electronic device is viewing information from a service provider, displaying a logo or card image of the service provider gives the user a feeling of security and familiarity when viewing the information.

An application in which it is particularly desirable to display a familiar product image of a service provider is when generating a display of a cardholder's bankcard, that may represent an original physical plastic card. FIGS. 1 a and 1 b show card images of the front face of bankcards. FIGS. 1 c and 1 d show card images of the rear face of bankcards.

The generation of the images shown in FIGS. 1 a, 1 b, 1 c and 1 d allow card images to be displayed by, for example, a mobile telephone. This solves the problem of a cardholder having to carry a physical card since the virtual card displayed on the mobile telephone can be presented instead.

In order for an electronic device to display a specific image, the displayed image must be retrievable either from an internal memory in the electronic device or by the electronic device from an external source.

A problem with storing images on an electronic device is that the electronic device must have a large storage capacity if it is to be able to store all possible images that may be required to be displayed. Providing a large storage capacity is especially difficult with a portable electronic device. In addition, the images that are required to be displayed may be new images not already stored by the electronic device, or modified versions of existing images.

For an electronic device to display any image, it is therefore preferable for the image to be communicated to the electronic device from an external source.

A problem with known techniques for providing an electronic device with a specific image for display is that the electronic device has no way of verifying the trustworthiness of the received image. If a malicious party conducts, for example, a Domain Name System, DNS, attack, this can result in the electronic device receiving and displaying an incorrect image. This may be highly embarrassing and cause reputational damage to a service provider, such as a bank, if a wholly inappropriate image was displayed.

SUMMARY

According to a first aspect of the disclosure, there is provided a method for verifying an image by a first electronic device, the method comprising the first electronic device: sending a request for an image to a second electronic device, wherein the second electronic device is remote from the first electronic device and, optionally, a server; receiving an image and a certificate from the second electronic device, wherein the certificate comprises a protected checksum of the image; generating a checksum in dependence on the received image; performing a comparison in dependence on said generated checksum and the protected checksum received in the certificate; and verifying the received image in dependence upon the comparison.

Advantageously, the first electronic device is able to verify each received image and to prevent the display of any received images that are not authenticated.

In some embodiments, the protected checksum received in the certificate is a signed checksum and/or an encrypted checksum, the method further comprising: if the received protected checksum is encrypted, decrypting the encrypted checksum received in the certificate and performing said comparison in dependence on the decrypted checksum; and if the received protected checksum is a signed checksum, performing said comparison of the generated checksum and the checksum received in the certificate and verifying the received image by comparing the generated and signed checksums and validating the signature.

In some embodiments, the method further comprises the first electronic device displaying an image comprising the received image in dependence on the verification.

In some embodiments, the method further comprises the first electronic device receiving additional information associated with the image from the second electronic device; and generating a display of an image comprising the received image in dependence on the additional information.

In some embodiments, the additional information specifies one or more of the colour depth of the image, the size of the image and how the image should be displayed with other information.

In some embodiments, the method further comprises the first electronic device displaying an image comprising the received image and other information, wherein the other information is received from a source other than the second electronic device.

In some embodiments, the image is the background image corresponding to a service provider and the additional information specifies how the other information is overlaid on the background image in accordance with the specifications of the service provider.

In some embodiments, the displayed image comprises the front and/or back faces of a card; and the other information is account information.

In some embodiments, the method further comprises the first electronic device: receiving the certificate as metadata of, or within, the received image; and, if additional information is received with the image, receiving the additional information as metadata of, or within, the image.

In some embodiments, the method further comprises the first electronic device transmitting an indication of a desired size of an image to be received from the second electronic device with the request for an image.

In some embodiments, the received protected checksum is dependent on the image and the additional information, and the method comprises generating a checksum, for verifying the received image and additional information, in dependence on the received image and the additional information.

According to a second aspect of the disclosure, there is provided a method in a second electronic device for providing a requested image to a first electronic device, the method comprising the second electronic device: receiving a request for an image from a first electronic device; retrieving, in response to receiving the request, the image requested by the first electronic device; transmitting the retrieved image together with a certificate associated with the retrieved image to the first electronic device, wherein the certificate comprises a protected checksum of the retrieved image.

In some embodiments, the method further comprises the second electronic device: obtaining the protected checksum by obtaining a signed checksum of at least the retrieved image; and/or obtaining the protected checksum by obtaining an encrypted checksum of at least the retrieved image.

In some embodiments, the method according to the second aspect further comprises the second electronic device generating said checksum for each retrieved image.

In some embodiments, the method according to the second aspect further comprises the second electronic device retrieving additional information associated with the requested image; and transmitting the additional information with the image, wherein the additional information provides display information of the image.

In some embodiments, in the method according to the second aspect, the information stored by the second electronic device for transmitting to a first electronic device, consists of images and additional information associated with the images.

In some embodiments, in the method according to the second aspect, the received request comprises an indication of a size of an image, and the method further comprises converting, by the second electronic device, the size of the retrieved image in dependence on the received indication prior to the image being transmitted to the first electronic device.

In some embodiments, in the method according to the second aspect, the second electronic device only stores the largest size of each image that can be provided to the first electronic device.

In some embodiments, the method according to the second aspect further comprises the second electronic device: storing the converted version of the image; and retrieving the stored version of the image for transmitting to an electronic device when another request for said image of said indicated size is received.

In some embodiments, the method according to the second aspect further comprises the second electronic device: transmitting the certificate as metadata of, or within, the transmitted image; and, if additional information is transmitted, transmitting the additional information as metadata of, or within, the transmitted image.

In some embodiments, each checksum is dependent on a retrieved image and additional information of the retrieved image.

According to a third aspect of the disclosure, there is provided a method in a system comprising a first electronic device and a second electronic device, the method comprising: the method for verifying an image by the first electronic device according to the first aspect described above; and the method in the second electronic device for providing a requested image according to the second aspect described above.

According to a fourth aspect, there is provided an electronic device configured to perform the method according to the first aspect described above.

According to a fifth aspect, there is provided an electronic device, such as a server, configured to perform the method of the second aspect described above.

According to a sixth aspect, there is provided a system configured to perform the method of the third aspect described above.

DRAWINGS

Embodiments of the present disclosure will be described, by way of example only, with reference to the accompanying drawings, in which:

FIGS. 1 a and 1 b show representations of the front face of a virtual bankcard, and FIGS. 1 c and 1 d show representations of the rear face of a virtual bankcard;

FIG. 2 shows a system comprising an electronic device in communication with a server according to an embodiment of the present disclosure;

FIG. 3 is a method performed by an electronic device according to an embodiment of the present disclosure;

FIG. 4 is a method performed by a server according to an embodiment of the present disclosure; and

FIG. 5 shows an image of the rear face of a bank card that is retrievable from a server according to an embodiment of the present disclosure.

DETAILED DESCRIPTION

According to the embodiments of the systems and methods described herein, an electronic device 201 requests and receives one or more images for display. Advantageously, the electronic device 201 is able to verify the trustworthiness of each received image prior to the image being displayed. This prevents the display of any incorrect images that may be transmitted to the electronic device 201, for example, as a result of a DNS attack or other malicious activity.

FIG. 2 shows a system 200 according to an embodiment of the present disclosure. The system 200 comprises an electronic device 201 and a server 202. The electronic device 201 and the server 202 communicate with each other over a communications link 203. The communications link 203 may be wireless or fixed line.

Embodiments of the present disclosure include any electronic device 201 for displaying an image. In particular, but not exclusively, the method according to the embodiments described herein is contemplated for use by mobile phones, smart phones, Personal Digital Assistants, PDAs, laptop computers, tablets, fixed terminal computers, games consoles and televisions.

The server 202 stores images and information associated with the images. The Uniform Resource Locator, URL address of a resource supported by the server 202 for providing the service according to embodiments of the present disclosure is public information and any electronic device 201 can send a request for an image to the resource on the server 202. It is not necessary for the address of the resource supported by the server to be an URL address and any other type of address may be used. The server 202 is arranged to provide requested images to a large number of electronic devices 201.

Embodiments of the present disclosure are described in detail below with reference to the display of card images of financial service providers, in particular for generating a display of front and/or back faces of a bankcard. Although this is a preferred embodiment, embodiments are not limited to generating displays of card images and embodiments including the display of any image by any electronic device 201.

According to a first embodiment of the present disclosure, an electronic device 201 is provided with an address, for example a URL, that is the address of a resource on a server 202 that stores images, such as card images of service providers. The electronic device 201 uses the address to send a request to the resource with a reference that identifies the image that the electronic device 201 requires. For example, the electronic device 201 may be a mobile telephone, with the image reference being obtained by the mobile telephone during a provisioning or discovery phase of a mobile wallet application. Preferably, the image reference is short in order to keep the message length down and reduce the amount of information transferred when sending a request for an image.

The server 202 identifies the desired image from the received reference and sends the image to the electronic device 201 together with a certificate associated with the sent image. The certificate comprises a checksum, or hash, of at least the sent image data. The checksum, or hash, is protected by being signed and/or encrypted. If the checksum is encrypted, this may be with the private key of a certification authority or by any other encryption technique. If the checksum is signed, the signature could be produced using the private key of a certificate authority, or other known techniques.

The certificate is preferably transmitted as metadata of the image that it is associated with. However, it is not essential for the certificate to be transmitted as metadata and the certificate could alternatively be transmitted in other ways, such as the certificate being part of the image. That is to say, the image is modified to include the certificate. A viewer of the image would see the certificate as “noise” on the image, but the certificate could be extracted from the image by a processor.

The electronic device 201 receives the image data and the certificate. If the received checksum has been encrypted, the received checksum is then decrypted by the electronic device 201, for example by using a public key that corresponds to the private key used to encrypt the data. In addition, the electronic device 201 generates a checksum from the received image data.

If the received checksum is not signed, the electronic device 201 then compares the generated checksum with the received checksum. If the checksums are the same, then the image is determined to be trustworthy and the electronic device 201 proceeds to display the image. If, however, the checksums are different, the image is determined to be incorrect and the electronic device 201 does not display the image.

If the received checksum is signed, the electronic device 201 compares the generated checksum with the signed checksum and the image is determined to be trustworthy and displayed in dependence on successful validation of the signature. The validation may be performed using the corresponding public key to a private key used to generate the signature.

Advantageously, the electronic device 201 is able to verify each received image and to prevent the display of any unauthenticated images that are received.

FIG. 3 shows a flowchart of a method for verifying an image by an electronic device 201 according to one embodiment of the present disclosure.

In step 301, the process begins.

In step 303, the electronic device 201 sends a request for an image to a server 202.

In step 305, the electronic device 201 receives an image and a certificate from the server 202, wherein the certificate comprises a protected checksum of the image.

In step 307, the electronic device 201 generates a checksum in dependence on the received image.

In step 309, the electronic device 201 performs a comparison in dependence on said generated checksum and the protected checksum received in the certificate.

In step 311, the electronic device 201 verifies the received image in dependence upon the comparison.

In step 313, the process ends.

FIG. 4 shows a flowchart of a method in a server 202 for providing a requested image to an electronic device 201 according to the first embodiment.

In step 401, the process begins.

In step 403, the server 202 receives a request for an image from an electronic device 201.

In step 405, the server 202 retrieves, in response to receiving the request, the image requested by the electronic device 201.

In step 407, the server 202 transmits the retrieved image together with a certificate associated with the retrieved image to the electronic device 201, wherein the certificate comprises a protected checksum of the retrieved image.

In step 409, the process ends.

The preferred generation of each certificate is described in more detail below.

The server 202, or preferably an independent third party such as a certificate authority, can generate the protected checksum in each certificate. Embedded into the software of the electronic device 201 is a Certificate Authority Key, or set of keys, that allows the electronic device to verify the source of the protected checksum. Once the source of the protected checksum has been validated, it is determined that its contents can be trusted, and the image checksum referenced by, or included in, the certificate obtained and compared with the checksum of the actual received image. Advantageously, the protected checksum coming from a trusted source and the determination of a correct checksum both ensure that an image is correctly authenticated.

An advantage of using a third party for checksum creation is that there only needs to be one checksum generation source, and therefore one key in the electronic device 201. In addition, new or additional servers can be provided without having to provide a new key to the electronic device 201. Preferably, the checksums are generated in real time through use of an online link between the server 202 and the third party for certificate creation.

It is not necessary for the checksum to be encrypted in the certificate, it may just be ‘signed’ by the certificate authority in the form of a certificate. There are many ways of producing such a certificate, such as directly putting the checksum into the certificate data (and hence encrypting it) or putting a hash of the checksum and potentially other associated data in the certificate.

According to a second embodiment of the present disclosure, in addition to the certificate, additional information is stored with the image that describes how the image should be displayed. This ensures that the image displayed by the electronic device 201, which may comprise other information not received from the server 202, is displayed in accordance with the specifications of, for example, a service provider corresponding to the requested image.

The electronic device 201 uses the address, that may be a URL, to send a request with an image identifier as described for the first embodiment. The server 202 responds to the request by transmitting the requested image, the certificate associated with the image and the additional information that describes how the image should be displayed. The additional information and certificate may be transmitted as metadata for the image that they are associated with or within the image. The electronic device 201 then generates an image comprising the retrieved image, together with other information that has already been obtained/generated by the electronic device 201, according to the instructions provided by the received additional information.

For example, the requested image from a server may be that of the rear face of a bank card, as shown in FIG. 5. The additional information is layout information that is metadata of the image. The electronic device 201 retrieves account information from a cardlet, which is a secure element within the electronic device. The card image as shown in FIG. 1 d may therefore be displayed using the retrieved image, the layout information and the account information. The server therefore stores and provides background images for displaying card images, layout information and certificates of the images. The information from the cardlet provides the image reference of a required background image as well as the data elements to be overlaid on the image, such as the primary account number, PAN, PAN sequence number, expiry date, start date, cardholder name, card verification code, CVC2, etc.

Advantageously, by providing the layout information as metadata of, or within, the image rather than as information provided by a cardlet, a service provider can change the image without being constrained by the layout information originally stored in the cardlet.

According to a third embodiment of the present disclosure, the additional information may, as an alternative or in addition to the second embodiment, describe information such as the colour depth of the retrieved image or the number of pixels of the image. Advantageously, this provides the electronic device 201 with information that can be used to improve the display, or generation of the display, of the image.

According to a fourth embodiment of the present disclosure, in addition to sending a reference of the desired image in the request sent to the address, e.g. URL, the electronic device 201 sends a request for a particular size of image.

If the electronic device 201 is, for example, a mobile telephone, the required physical size of the image is relatively small and a large number of pixels is not required to provide an appropriate display of the image. If, however, the electronic device 201 is a television, the displayed image will be a lot larger and more pixels may be required to appropriately display the image. The fourth embodiment therefore allows the electronic device 201 to request an appropriate size of image given the display capabilities of the electronic device 201.

When the server 202 providing the image receives a request for an image of a particular size, the server 202 may retrieve an image of the requested size if an image of the requested size is already stored in the server 202. Alternatively, the server 202 may only store images with the highest definition, i.e. highest number of pixels, that it can provide. When an electronic device 201 requests an image with a lower definition, i.e. a lower number of pixels, the server 202 converts the high definition image stored therein into a lower definition image for transmitting to the electronic device 201.

In addition to obtaining an image of the requested size, the server 202 also obtains the certificate for the image. The certificate for each image may already have been generated and stored with each size of each image or, preferably, the server 202 generates the certificate of each transmitted image every time each image is retrieved, and, if required, re-sized, prior to each image being transmitted to the electronic device 201.

Advantageously, electronic devices 201 such as televisions receive images with an appropriate definition for the large size of their display. Electronic devices 201 such as mobile telephones receive a lower definition image that is appropriate for their smaller size of display and the bandwidth requirements for transmitting to the mobile telephone are reduced due to the lower definition image being transmitted.

Preferably, the server 202 providing the images only stores images and additional information for each of the images. This allows the server 202 to efficiently provide the requested information by providing a database that can be easily searched with an image reference to retrieve a requested image. It is particularly advantageous over techniques requiring electronic devices 201 to use html to obtain images from webpages as webpages comprise text, and other information, as well as the images and to extract only desired image data is difficult.

In addition, an image retrieved from a known webpage does not provide any of the advantages of the embodiments since the image is not transmitted with a certificate that allows the image to be verified, no additional information for improving the display of the image is provided and the image is only of a low definition.

The flowcharts and description thereof herein should not be understood to prescribe a fixed order of performing the method steps described therein. Rather, the method steps may be performed in any order that is practicable. Although the present disclosure has been described in connection with specific exemplary embodiments, it should be understood that various changes, substitutions, and alterations apparent to those skilled in the art can be made to the disclosed embodiments without departing from the spirit and scope of the disclosure as set forth in the appended claims.

In particular, embodiments of the disclosure have been described with reference to a server 202. Embodiments of the disclosure also extend to other electronic devices performing the operations of the server 202 as described herein.

In the above described embodiments, a resource supported by the server 202 is described as having an URL address that is public information so that any electronic device 201 can send a request for an image to the resource supported by the server 202. However, the use of an URL address is only a preferred technique and any other method of requesting a resource supported by the server 202 may be used.

According to embodiments, the image file may contain the certificate and associated data, or, alternatively, the image file may be a normal image file with a separate set of associated data and a separate certificate. It is possible for extra data (e.g. both the certificate and associated data if required) to be embedded into an image file, which can be displayed as a normal image in a standard image viewer, but the ‘extra’ data can be extracted by special software.

In the above described embodiments, the checksum is of the sent image data. However, embodiments also include the checksum being of the sent image data as well as any additional information or any other associated data. 

1. A method for verifying an image by a first electronic device, the method comprising: sending, at the first electronic device, a request for an image to a second electronic device, wherein the second electronic device is remote from the first electronic device; receiving, at the first electronic device, an image and a certificate from the second electronic device, wherein the certificate comprises a protected checksum of at least the image; generating, at the first electronic device, a checksum in dependence on at least the received image; performing, at the first electronic device, a comparison in dependence on said generated checksum and the protected checksum received in the certificate; and verifying, at the first electronic device, the received image in dependence upon the comparison.
 2. The method according to claim 1, wherein the protected checksum received in the certificate is a signed checksum and/or an encrypted checksum, the method further comprising: if the received protected checksum is encrypted, decrypting, at the first electronic device, the encrypted checksum received in the certificate and performing said comparisons in dependence on the decrypted checksum; and if the received protected checksum is a signed checksum, performing said comparison of the generated checksum and the checksum received in the certificate and verifying the received image by comparing the generated and signed checksums and validating the signature.
 3. The method according to claim 1, further comprising displaying, at the first electronic device, an image comprising the received image in dependence on the verification.
 4. The method according to claim 1, further comprising receiving, at the first electronic device, additional information associated with the image from the second electronic device; and generating, at the first electronic device, a display of an image comprising the received image in dependence on the additional information.
 5. The method according to claim 4, wherein the additional information specifies one or more of the colour depth of the image, the size of the image and how the image should be displayed with other information.
 6. The method according to claim 5, further comprising displaying, at the first electronic device, an image comprising the received image and other information, wherein the other information is received from a source other than the second electronic device.
 7. The method according to claim 6, wherein the image is the background image corresponding to a service provider and the additional information specifies how the other information is overlaid on the background image in accordance with the specifications of the service provider.
 8. The method according to claim 6, wherein the displayed image comprises the front and/or back faces of a card; and the other information is account information.
 9. The method according to claim 1, further comprising: receiving, at the first electronic device, the certificate as metadata of, or within, the received image; and, if additional information is received with the image, receiving the additional information as metadata of, or within, the image.
 10. The method according to claim 1, further comprising transmitting, at the first electronic device, an indication of a desired size of an image to be received from the second electronic device with the request for an image.
 11. The method according to claim 4, wherein the received protected checksum is dependent on the image and the additional information, and the method further comprises generating, at the first electronic device, a checksum, for verifying the received image and additional information, in dependence on the received image and the additional information.
 12. A method in a second electronic device for providing a requested image to a first electronic device, the method comprising: receiving, at the second electronic device, a request for an image from a first electronic device; retrieving at the second electronic device, in response to receiving the request, at least the image requested by the first electronic device; transmitting, at the second electronic device, the retrieved image together with a certificate associated with the retrieved image to the first electronic device, wherein the certificate comprises a protected checksum of at least the retrieved image.
 13. The method according to claim 12, further comprising: obtaining, at the second electronic device, the protected checksum by obtaining a signed checksum of at least the retrieved image; and/or obtaining, at the second electronic device, the protected checksum by obtaining an encrypted checksum of at least the retrieved image.
 14. The method according to claim 12, further comprising generating, at the second electronic device, said checksum for each retrieved image.
 15. The method according to claim 12, further comprising retrieving, at the second electronic device, additional information associated with the requested image; and transmitting, at the second electronic device, the additional information with the image, wherein the additional information provides display information of the image.
 16. The method according to claim 12, wherein the information stored by the second electronic device for transmitting to a first electronic device, consists of images and additional information associated with the images.
 17. The method according to claim 12, wherein the received request comprises an indication of a size of an image, and the method further comprises converting, by the second electronic device, the size of the retrieved image in dependence on the received indication prior to the image being transmitted to the first electronic device.
 18. The method according to claim 17, wherein the second electronic device only stores the largest size of each image that can be provided to the first electronic device.
 19. The method according to claim 17, further comprising: storing, at the second electronic device, the converted version of the image; and retrieving, at the second electronic device, the stored version of the image for transmitting to an electronic device when another request for said image of said indicated size is received.
 20. The method according to claim 12, further comprising: transmitting, at the second electronic device, the certificate as metadata of, or within, the transmitted image; and, if additional information is transmitted, transmitting the additional information as metadata of, or within, the transmitted image.
 21. The method according to claim 15, wherein each protected checksum is dependent on a retrieved image and additional information of the retrieved image. 22.-25. (canceled) 